Target Data Breach & Security: The Target data breach, and now Neiman Marcus confirming that its customer payment card information was stolen, expose the serious threat of POS malware and botnets, as well as PCI compliance issues. If you own or manage a business that processes customer payment information, you need to be aware of the standards below to protect sensitive customer data.
From our CEO's desk, we encourage all our partners and clients to re-evaluate their security policy and take the necessary steps to fix any holes that are found. If you need immediate assistance, please call us and we will walk you through securing customer data and advise you in the right direction. Ace One has designed, architected and managed over 250 e-commerce sites over a period of 5 years, and we understand the data compliance issues and risks. Below are a few steps you can take to secure your site and protect consumer data.
First and foremost, you need to make sure your e-commerce site is PCI-DSS compliant. PCI DSS stands for Payment Card Industry Data Security Standard, and it serves as a first step towards data security. PCI-DSS standards are created and managed by credit card issuers such as Visa, MasterCard, American Express, Discover and JCB. Any website or business that accepts payments or processes credit card data, online or via a reader, is required to follow these standards. Most banks require you to be PCI compliant, and you will be subject to fines and penalties if found non-compliant. Moreover, if a data breach happens you could be subject to lawsuits, insurance claims, fines and a myriad of other issues. So what do these standards include? Here is a brief overview of a few of the requirements:
a) Sensitive cardholder data must be encrypted and protected when it's stored and when it's transmitted across public networks.
b) NEVER store CVVs, even if they’re encrypted.
c) NEVER send unprotected PANs (Primary Account Numbers) by end user messaging technologies like email, instant messaging or chat.
d) Keep your e-commerce software updated to the latest version in order to maintain the best possible security.
e) Limit access to cardholder data. Only staff members who require it to do their job should have access. Assign a unique login ID to each member of your team so you can monitor individual activity within your e-commerce software.
Compliance with PCI-DSS can bring major benefits to your business on top of data security. Being PCI DSS compliant means your site and systems are secure, and customers can trust you with their sensitive credit card information and shop worry-free. This earns trust and wins customer confidence. That means returning customers and referrals, which results in increased sales.
Now if you are unclear on how to achieve this or need help or have additional questions, please feel free to call us at 870-738-9433 or email us at email@example.com and we would be glad to help you out.